US8635260B2 - Random number generator incorporating channel filter coefficients - Google Patents

Info

Publication number
US8635260B2
Authority
US
United States
Prior art keywords
channel filter
filter coefficients
random number
bits
retrieved
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US12/629,256
Other versions
US20110131264A1 (en)
Inventor
Laszlo Hars
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Seagate Technology LLC
Original Assignee
Seagate Technology LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Seagate Technology LLC
Priority to US12/629,256
Assigned to SEAGATE TECHNOLOGY LLC: assignment of assignors interest (see document for details). Assignor: HARS, LASZLO
Assigned to THE BANK OF NOVA SCOTIA, AS ADMINISTRATIVE AGENT: security agreement. Assignor: SEAGATE TECHNOLOGY LLC
Publication of US20110131264A1
Application granted
Publication of US8635260B2
Legal status: Expired - Fee Related
Adjusted expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00: Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58: Random or pseudo-random number generators
    • G06F7/588: Random number generators, i.e. based on natural stochastic processes
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Definitions

  • the present disclosure is directed to encryption systems for devices.
  • the present disclosure is directed to random number generators for generating seeds for pseudorandom number generators in devices, such as data storage devices.
  • Another application of highly unpredictable random numbers is related to securing data storage devices.
  • Common techniques for securing data storage devices include the use of cryptographic algorithms that rely on secret values, such as passwords or cryptographic keys. Such algorithms are typically open to the public and as such rely heavily on the secret quantity. Thus, the strength of the secret value is a function of how easy it is to guess the value. In general, the strongest secret quantity will be one that is selected through a true random process, such as random number generation. Accordingly, there is an ongoing need for techniques and systems for efficiently generating random numbers for securing data storage devices.
  • a first aspect of the present disclosure is directed to a device that includes a plurality of registers configured to store channel filter coefficients.
  • the device also includes a controller configured to retrieve the channel filter coefficient(s) from the plurality of registers and to implement a random number generator.
  • the random number generator is configured to generate a random number based at least in part on the values of the retrieved channel filter coefficient(s).
  • Another aspect of the present disclosure is directed to a data storage device that includes a controller configured to retrieve channel filter coefficients from a plurality of registers of a data receiver.
  • the data storage device also includes an algorithm implemented by the controller to generate a random number based at least in part on the values of the retrieved channel filter coefficients.
  • Another aspect of the present disclosure is directed to a method for encrypting a device.
  • the method includes retrieving channel filter coefficients from a plurality of registers of the device, and generating at least one seed value based at least in part on the value of each of the retrieved channel filter coefficients.
  • the method also includes performing a hashing algorithm on the at least one seed value, generating a random number based at least in part on the at least one hashed seed value, and outputting the random number.
  • FIG. 1 is a plan view of a data storage device for storing and transferring data.
  • FIG. 2 is a block diagram of data receiver of the data storage device.
  • FIG. 3 is a graphical illustration of channel filter coefficients versus values of the channel filter coefficients attainable from the data receiver of the data storage device, which illustrates correlations that may occur between separate channel filter coefficients.
  • FIG. 4 is a flow diagram of a method for generating random numbers based on physical entropy attainable with the channel filter coefficients of the data storage device.
  • the present disclosure is directed to cryptographic pseudorandom number generators for supplying devices, such as data storage devices, with random numbers based on coefficients of adaptive channel filters (referred to as channel filter coefficients).
  • the channel filter coefficients are at least partially unpredictable physical entropy sources that may be used to seed cryptographic random number generators at each power up and at special requests (e.g., while re-initializing firmware).
  • the entropy obtained from the channel filter coefficients is desirably based on the full values of the channel filter coefficients rather than being based on comparisons to preset median values. As discussed below, each channel filter coefficient typically attains only a few distinct values, and a substantial portion of the variability in the given channel filter coefficient is preserved in the least significant bits. Seeding with such physical entropy sources allows a pseudorandom number generator to provide unique pseudorandom number sequences, with a negligible probability of a repeated sequence. Furthermore, with repeated access to the channel filter coefficients, the data storage device may obtain as much entropy as necessary for encryption purposes. Accordingly, generating secure random sequences in this manner precludes the need for secure, protected storage for keys or for the internal state of the generator between random number generating sessions, for example, over power cycles.
  • FIG. 1 is a plan view of storage device 10, which is an exemplary data storage device (e.g., a hard disk drive) for storing and transferring data with a host device (not shown). As shown, the components of storage device 10 are retained between base 12 and top cover 14 (shown in partial cut-away), which mate to form a partially or fully sealed housing.
  • Storage device 10 also includes storage disk 16 and spindle motor 18, where spindle motor 18 rotates storage disk 16 in a rotational direction during operation.
  • Storage disk 16 includes recordable surface 20, which is a surface of storage disk 16 having one or more recordable regions.
  • Storage device 10 further includes actuation motor 22 (e.g., a voice coil motor), actuator arm 24, suspension assembly 26, and slider 28, where slider 28 carries a transducing head (not shown in FIG. 1). Slider 28 is supported by suspension assembly 26, which in turn is supported by actuator arm 24. Actuation motor 22 is configured to pivot actuator arm 24 about an axis in order to sweep suspension assembly 26 and slider 28 in an arc across recordable surface 20 (represented by arrow 30), where slider 28 desirably floats above recordable surface 20 on a cushion of air. An additional microactuation system (not shown) may also be used to produce precise, small-scale movements of suspension assembly 26 and slider 28.
  • the transducing head carried by slider 28 may be positioned relative to selected data tracks located on recordable surface 20. This allows the transducing head to write data to, and read from, the data tracks on recordable surface 20 during operation. Accordingly, during a read operation, the transducing head generates a read signal based on the magnetic pattern stored in recordable surface 20. This read signal is processed by a data receiver (not shown in FIG. 1) to identify data represented by the magnetic pattern.
  • actuator arm 24 may be prone to mechanical vibrations, which are affected by air turbulence.
  • the vibration in the vertical direction may influence the amplitude of the read signal, while the radial vibration may affect the noise pattern from the granular structure of the magnetic particles and crosstalk from neighboring tracks.
  • servo patterns may be written to recordable surface 20. These servo patterns may be organized in radial spokes which are typically traversed by the transducing head about 200 times per revolution.
  • a controller (not shown in FIG. 1) evaluates the read signal and corrects the radial position accordingly. It also tunes an adaptive channel equalization filter for optimum signal shape. This may be accomplished with hard coded algorithms in the integrated circuits, or with drive firmware stored on a computer storage medium of storage device 10 (e.g., in read-only memory), which can access the channel filter coefficients, for example via a data bus or a diagnostic interface between the main control application-specific integrated circuit (ASIC) and the channel signal processor.
  • ASIC: application-specific integrated circuit
  • the tracking correction is based on the current radial position, velocity and acceleration of the transducing head.
  • the channel filter coefficients represent resistor values of an analog equalization filter, continuously tuned by the controller of the read/write channel chip to make the peaks of the output signal close to equally high. These values are affected by the turbulent airflow and mechanical vibrations, as well as by the head noise, the electronic noise, the motor speed variations, the flight height of the transducing head, the actual path of the transducing head over the track, the tracking error corrections, and the like.
  • the channel filter coefficient values are constantly updated as the transducing head reads the servo patterns on recordable surface 20 to maintain correct positioning over the track. These updated values provide unpredictable physical entropy sources that may be used to seed cryptographic random number generators, as well as faster but less unpredictable pseudorandom number generators.
  • FIG. 2 is a block diagram of data receiver 32, which is an example of a suitable data receiver for use in storage device 10 (shown in FIG. 1).
  • data receiver 32 receives a read signal from the transducing head of slider 28 on communication line 34.
  • Data receiver 32 may also include one or more preamplifiers (not shown) to amplify the read signal, and/or one or more signal filters (not shown) to remove noise from the read signal, and/or one or more analog-to-digital converters (not shown) to digitize the read signal.
  • Communication line 34 is connected to equalization filter 36, which is configured to modify the read signal based on the channel filter coefficients stored in registers 38.
  • suitable filters for equalization filter 36 include digital and analog equalization filters, such as finite impulse response filters.
  • registers 38 include 12 separate registers 38a-38l, each of which stores a channel filter coefficient (e.g., 8-bit registers). In alternative embodiments, registers 38 may include different numbers of registers based on the particular designs of storage device 10.
  • the channel filter coefficients stored in registers 38a-38l are used by data receiver 32 to modify the read signals to achieve an increased quality of the received read channel signal.
  • Detector 42 is a signal detector (e.g., a Viterbi detector), which receives and evaluates the equalized read signals from equalization filter 36. This allows detector 42 to identify whether equalization filter 36 is properly modifying the read signals.
  • the equalized read signals are then output from detector 42 along communication line 44, where they may undergo post processing (e.g., parity error checking) to produce channel output signals.
  • equalization filter 36 frequently updates the channel filter coefficients stored in registers 38a-38l to achieve an increased quality of the received read channel signal. This may be performed with feedback lines 46 and 48, which connect registers 38, detector 42, and controller 50, thereby providing a process control loop that may be managed by controller 50.
  • detector 42 evaluates the equalized read signals. If the signal quality is not optimal, detector 42 relays one or more correction signals to registers 38 over feedback lines 46 and 48.
  • the channel filter coefficients stored in registers 38a-38l may then be updated to keep the signal characteristics of the equalized read signals the most desirable. As discussed above, because storage device 10 continuously reads the servo patterns on recordable surface 20 to keep the transducing head correctly positioned over the track, the channel filter coefficients stored in registers 38a-38l are constantly updated.
  • the channel filter coefficients are typically updated to remain around a set of values that represent the most likely values needed to properly modify the read signal. Thus, each channel filter coefficient typically attains only a few distinct values. Furthermore, one or more of the channel filter coefficients may be fixed as an asymmetry compensation tap, which is set for the transducing head and each zone on recordable surface 20 during the manufacture of storage device 10. In these cases, the fixed coefficients do not provide physical entropy and may be disregarded.
  • a seek and read operation may be performed by the transducing head.
  • the seek operation desirably results in a significant movement of actuator arm 24
  • the read operation desirably reads at least a full track of data. This results in substantial changes in the channel filter coefficients, thereby reducing any potential correlations between consecutive acquired values of the same coefficients.
  • controller 50 may retrieve the channel filter coefficients from registers 38 over communication line 54 for use in seeding a random number generator.
  • the random number generator may be an algorithm stored on a computer storage medium (e.g., memory module 52) and implemented by controller 50 to generate random numbers based on the channel filter coefficients. The resulting generated random numbers may be transmitted from controller 50 on output line 56 for a desired use.
  • each channel filter coefficient typically attains only a few distinct values, and a substantial portion of the variability in the given channel filter coefficient is preserved in the least significant bits.
  • the least significant bits may include bits [1, 2], [1, 2, 3], and/or [1, 2, 3, 4].
  • the entropy obtained from the channel filter coefficients is desirably based on the actual values of the channel filter coefficients rather than being based on comparison to preset median values.
  • any preset median values are also subject to drift due to environmental changes, thereby potentially inducing bias and thus further entropy loss in the output sequence.
  • the random number is desirably generated based at least in part on the two least-significant bits (i.e., bits [1, 2]) of at least one of the channel filter coefficients, more desirably on the four least-significant bits (i.e., bits [1, 2, 3, 4]), and even more desirably on the full number of bits (e.g., 8 bits).
  • the exceptions to this generalization include coefficient 1 (about 1.5 bit), coefficient 2 (about 3.5 bits), coefficient 4 (about 2.4 bits), and coefficient 11 (zero bits, fixed as an asymmetry compensation tap). If all of the channel filter coefficients were fully independent, the overall entropy of the 12 channel filter coefficient bytes would be about 32 bits, as shown below in Table 1.
  • FIG. 3 is a graphical illustration of channel filter coefficients 1-12 (x-axis) versus the values of the coefficients for 10 sample coefficient sets (y-axis), which illustrates correlations that may occur between the separate channel filter coefficients.
  • the data points belonging to a particular coefficient set are connected by straight line segments.
  • several segments between the coefficient values (e.g., between coefficients 4 and 5) are substantially parallel, which illustrates a positive correlation.
  • as coefficient 4 increases, coefficient 5 will also increase, and the combined entropy of coefficients 4 and 5 is not much greater than the entropy of coefficient 4 alone.
  • some segments (e.g., between coefficients 7 and 8) cross each other at substantially the same half-way point, which illustrates a negative correlation.
  • as coefficient 7 increases, coefficient 8 decreases by substantially the same amount, and the combined entropy of coefficients 7 and 8 is not much greater than the entropy of coefficient 7 alone. Accordingly, due to correlations that may occur between the separate channel filter coefficients, the available entropy is typically less than the estimates of the coefficient samples provided in isolation.
  • the available physical entropy has to be estimated.
  • the hashing operations desirably modify the statistical distributions of the signals to increase the level of randomness at the expense of reducing the number of output bits (i.e., the throughput or yield).
  • Suitable hashing operations include XOR trees, linear feedback shift registers, arithmetic hash functions, Secure Hash Algorithm (SHA) functions, Advanced Encryption Standard (AES) functions with discarding a few output bits, Data Encryption Standard (DES) functions also with discarding output bits, and combinations thereof.
  • SHA: Secure Hash Algorithm
  • AES: Advanced Encryption Standard
  • DES: Data Encryption Standard
  • each possible k-bit block in the sequence of the hashed coefficient sets occurs roughly the same number of times.
  • each hashed filter coefficient set appears independently, at about the same frequency. Consequently, no filter coefficient set occurs with a probability that is substantially greater than $2^{-k}$, and the min-entropy of one coefficient set is about k.
  • n such independent blocks are used to seed the random number generator
  • FIG. 4 is a flow diagram of method 58 for generating m random numbers based at least in part on the physical entropy attainable with channel filter coefficients of storage device 10.
  • the following discussion of method 58 is made with reference to a cryptographic random number generator specified in the Federal Information Processing Standards (FIPS) Publication 186-2 with the SHA-1 hash function and a 192-bit internal state to provide random number outputs x_j, each having a 160-bit size.
  • FIPS: Federal Information Processing Standards
  • storage device 10 and method 58 are also suitable for use with a variety of different random number generation and hashing algorithms (e.g., FIPS-186-2 and SHA-256).
  • variables of the random number generator are desirably preset.
  • the initial entropy of XKEY is zero at boot up of storage device 10.
  • XKEY may alternatively be initially set as a secret value ranging between zero and $2^{192} - 1$ (inclusive).
  • method 58 may be performed. As shown, method 58 includes steps 60-80, and initially involves generating seed values from sources of physical entropy. This may involve retrieving one or more channel filter coefficients (e.g., with controller 50), as discussed above (step 60). Based on the above-discussed entropy estimation process, one channel filter coefficient dataset typically provides at least about 16 bits of entropy. Therefore, a sampling of eight datasets is suitable for providing 128-bits of physical entropy, desirable for generating 128-bit cryptographic keys. The retrieval of eight data sets may be performed in about 80 milliseconds, thereby allowing up to about twelve reseedings to be performed each second. In addition to the channel filter coefficients, controller 50 may also retrieve physical entropy from other sources in storage device 10, such as by sampling a free running counter of storage device 10. This improves security against hardware-based attacks that attempt to influence the channel filter coefficients.
  • the seed values for the random number generator may then be generated from the retrieved channel filter coefficients (and from any additional physical entropy sources).
  • the four least-significant bits of 11 channel filter coefficients, per each of eight datasets, together with counter sampling, may provide about 384 raw seed bits. Because the random number generator in this example is limited to a 192-bit internal state, the 384 raw seed bits may be divided into two 192-bit XSEED_j values for use in two separate iterations of the algorithm.
  • An updated XKEY (referred to as a seed-key) may then be generated from the initialized variables (e.g., XKEY, t, and j) and the XSEED_j value (step 62).
  • $\mathrm{XKEY} = (1 + \mathrm{XKEY} + x_j) \bmod 2^{192}$
  • the algorithm generates XVAL based on XKEY and XSEED_j, generates the random number x_j based on the SHA-1 hashing function of t and XVAL, and updates XKEY based on the previous value of XKEY and the random number x_j.
  • the random number x_j is desirably not output.
  • the algorithm under method 58 desirably accumulates a suitable amount of physical entropy prior to outputting the random numbers x_j, while keeping XKEY continuously updated.
  • in step 62 of method 58, regardless of the entropy of XSEED_j, the entropy in XKEY cannot increase to more than 160 bits (i.e., the length of the added x_j), which is stored in the least-significant 160 bits of XKEY. Under a standard operation, during the next iterations only these least-significant 160 bits would be directly further modified; the most-significant bits are only affected by the carry bit from manipulating the least-significant bits. As a result, the accumulated entropy stored in XKEY would only increase slowly beyond 160 bits. However, as discussed below, steps 66 and 68 of method 58 are intended to compensate for this limitation.
  • in step 64 of method 58, controller 50 determines whether the current iteration is equal to a preset iteration value R, which is desirably preset to allow a suitable number of iterations under steps 60-64 to pass to accumulate physical entropy.
  • R: a preset iteration value
  • suitable values for R range from two to about two less than the total number of entropy-accumulation iterations.
  • the values in the least-significant (LS) 160 bits of XKEY may be shifted up to fill the most-significant or more-significant (MS) bits of XKEY (step 66). This allows subsequent iterations to only affect the least-significant 160 bits of XKEY and keeps the initial entropy stored in the most/more-significant bits of XKEY intact.
  • the seeding process may be performed in two phases.
  • the generated random numbers x_j are discarded and only XKEY is kept updated.
  • the second phase (i.e., step 66)
  • the least-significant 160 bits of the current XKEY may be shifted to the most/more-significant bits of XKEY.
  • the remaining iterations (steps 68-72) may then be used to accumulate the rest of the physical entropy for updating the least-significant 160 bits of the current XKEY.
  • steps 68 and 70 may be performed in the same manner as discussed above for steps 60 and 62 for increasing the entropy in the least-significant 160 bits of XKEY.
  • the outputted x_j contains a high level of entropy due to the accumulated physical entropy attained with the algorithm of method 58. Generating secure random numbers in this manner precludes the need for secure, protected storage for keys or for the internal state of the generator.
  • The above-discussed process of method 58 uses multiple, successive samplings of the channel filter coefficient datasets for initialization of the cryptographic pseudorandom number generator. Later, multiple random numbers may be generated to be used for a variety of purposes (e.g., cryptographic purposes) and/or may be combined through one or more additional hashing operations for subsequent use.
  • when accumulating more than 320 bits of internal entropy (i.e., when XKEY is chosen longer than 40 bytes), step 66 may be expanded to additional bit locations in XKEY. This allows subsequent iterations to only affect the least-significant 160 bits of XKEY, and keeps the entropies stored in the successive-significant bits of XKEY intact.
  • the SHA-1 hash function limits the number of usable bits to 512 bits. However, in alternative embodiments, the SHA-1 hash function may be replaced by hash functions operating on larger (or on multiple) blocks.
  • each channel filter coefficient may undergo one or more pre-processing operations prior to generating the XSEED in steps 60 and 68.
  • each channel filter coefficient dataset may be compressed (e.g., to 40 bits), while desirably retaining at least the four least-significant bits of each coefficient to preserve the physical entropy.
  • Several of these compressed blocks may then be concatenated for use in steps 62 and 70 of method 58, thereby speeding up the seeding process by trading the slower SHA-1 hash function calls for faster data compression steps.
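
The accumulation loop of method 58, as an added Python example that is not code from the patent or its assignee: the FIPS 186-2 update with the SHA-1 compression function as G, every x_j discarded while seeding, and the step 66 shift at iteration R. The coefficient values, the 4-bit counter sample per dataset, the shift amount b - 160, the class and function names, and XSEED = 0 during output are assumptions.

```python
import struct

MASK32 = 0xFFFFFFFF
# FIPS 186-2 constant t: the five initial SHA-1 chaining words.
T = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
OUT_BITS = 160   # width of each x_j
FIXED_TAP = 10   # index of coefficient 11, the fixed asymmetry compensation tap


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_compress(h, block):
    """One SHA-1 compression of a 64-byte block, starting from chaining value h."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = h
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (rotl(a, 5) + f + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e)))


def G(xval, b=192):
    """FIPS 186-2 G(t, c): zero-pad the b-bit value to 512 bits, compress once."""
    block = xval.to_bytes(b // 8, "big").ljust(64, b"\x00")
    return int.from_bytes(struct.pack(">5I", *sha1_compress(T, block)), "big")


def pack_xseeds(datasets, counters, b=192):
    """4 LSBs of 11 coefficients plus a 4-bit counter sample per dataset -> b-bit XSEEDs."""
    raw, nbits = 0, 0
    for coeffs, ctr in zip(datasets, counters):
        nibbles = [c & 0xF for i, c in enumerate(coeffs) if i != FIXED_TAP]
        for nib in nibbles + [ctr & 0xF]:
            raw, nbits = (raw << 4) | nib, nbits + 4
    mask = (1 << b) - 1
    return [(raw >> (nbits - b * (i + 1))) & mask for i in range(nbits // b)]


class Method58Generator:
    def __init__(self, b=192):
        # XKEY starts at zero, i.e. with no entropy at boot.
        self.b, self.mod, self.xkey = b, 1 << b, 0

    def step(self, xseed=0):
        xval = (self.xkey + xseed) % self.mod
        x = G(xval, self.b)
        self.xkey = (1 + self.xkey + x) % self.mod
        return x

    def seed(self, xseeds, r):
        """Accumulate entropy; every x_j is discarded, only XKEY is kept."""
        for j, xseed in enumerate(xseeds, start=1):
            self.step(xseed)
            if j == r:
                # Step 66 (assumed reading): move the low 160 bits to the top.
                self.xkey = (self.xkey << (self.b - OUT_BITS)) % self.mod

    def generate(self, m):
        # Assumption: no further XSEED input while producing output.
        return [self.step(0) for _ in range(m)]


def sample_reads(run):
    """Constructed stand-in for eight reads of registers 38a-38l plus counter samples."""
    sets = [[0x70 + (run * 5 + i * 7 + j * 3 + i * j) % 6 for j in range(12)]
            for i in range(8)]
    ctrs = [(run * 11 + i * 13) & 0xF for i in range(8)]
    return sets, ctrs


def seeded_generator(runs=3, r=3):
    """Three samplings of eight datasets give six XSEEDs; the shift happens at R = 3."""
    gen, xseeds = Method58Generator(), []
    for run in range(runs):
        xseeds += pack_xseeds(*sample_reads(run))
    gen.seed(xseeds, r)
    return gen


if __name__ == "__main__":
    for x in seeded_generator().generate(2):
        print(f"{x:040x}")
```

Each call to `pack_xseeds` consumes 8 x (44 + 4) = 384 raw bits and returns two 192-bit XSEED values, matching the split described above.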

Landscapes

  • Engineering & Computer Science
  • Theoretical Computer Science
  • General Physics & Mathematics
  • Physics & Mathematics
  • Mathematical Analysis
  • Pure & Applied Mathematics
  • Mathematical Optimization
  • General Engineering & Computer Science
  • Computational Mathematics
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Signal Processing For Digital Recording And Reproducing

Abstract

Devices and methods are disclosed for improved random number generation. In some embodiments, a device may include a plurality of registers configured to store channel filter coefficients, each of the channel filter coefficients including a plurality of bits, and a controller configured to retrieve at least one channel filter coefficient from the plurality of registers, and to generate a random number based at least in part on the at least one retrieved channel filter coefficient. The device may generate a random number at least in part based on a number of least-significant bits of the at least one retrieved channel filter coefficient.

Description

BACKGROUND
The present disclosure is directed to encryption systems for devices. In particular, the present disclosure is directed to random number generators for generating seeds for pseudorandom number generators in devices, such as data storage devices.
There are many applications that require the fast production of random numbers having high levels of unpredictability. Such applications include cryptographic key generation in key servers, session keys, and nonces; simulations; Monte Carlo or randomized computations; dithering; gambling; video games; and the like. Often buffered, off-line generated random numbers may be used. However, the necessary large secure buffer is typically expensive and may introduce a significant latency for the buffer to be filled.
Another application of highly unpredictable random numbers is related to securing data storage devices. Common techniques for securing data storage devices include the use of cryptographic algorithms that rely on secret values, such as passwords or cryptographic keys. Such algorithms are typically open to the public and as such rely heavily on the secret quantity. Thus, the strength of the secret value is a function of how easy it is to guess the value. In general, the strongest secret quantity will be one that is selected through a true random process, such as random number generation. Accordingly, there is an ongoing need for techniques and systems for efficiently generating random numbers for securing data storage devices.
SUMMARY
A first aspect of the present disclosure is directed to a device that includes a plurality of registers configured to store channel filter coefficients. The device also includes a controller configured to retrieve the channel filter coefficient(s) from the plurality of registers and to implement a random number generator. The random number generator is configured to generate a random number based at least in part on the values of the retrieved channel filter coefficient(s).
Another aspect of the present disclosure is directed to a data storage device that includes a controller configured to retrieve channel filter coefficients from a plurality of registers of a data receiver. The data storage device also includes an algorithm implemented by the controller to generate a random number based at least in part on the values of the retrieved channel filter coefficients.
Another aspect of the present disclosure is directed to a method for encrypting a device. The method includes retrieving channel filter coefficients from a plurality of registers of the device, and generating at least one seed value based at least in part on the value of each of the retrieved channel filter coefficients. The method also includes performing a hashing algorithm on the at least one seed value, generating a random number based at least in part on the at least one hashed seed value, and outputting the random number.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a plan view of a data storage device for storing and transferring data.
FIG. 2 is a block diagram of data receiver of the data storage device.
FIG. 3 is a graphical illustration of channel filter coefficients versus values of the channel filter coefficients attainable from the data receiver of the data storage device, which illustrates correlations that may occur between separate channel filter coefficients.
FIG. 4 is a flow diagram of a method for generating random numbers based on physical entropy attainable with the channel filter coefficients of the data storage device.
DETAILED DESCRIPTION
The present disclosure is directed to cryptographic pseudorandom number generators for supplying devices, such as data storage devices, with random numbers based on coefficients of adaptive channel filters (referred to as channel filter coefficients). The channel filter coefficients are at least partially unpredictable physical entropy sources that may be used to seed cryptographic random number generators at each power up and at special requests (e.g., while re-initializing firmware).
The entropy obtained from the channel filter coefficients is desirably based on the full values of the channel filter coefficients rather than being based on comparisons to preset median values. As discussed below, each channel filter coefficient typically attains only a few distinct values, and a substantial portion of the variability in the given channel filter coefficient is preserved in the least significant bits. Seeding with such physical entropy sources allows a pseudorandom number generator to provide unique pseudorandom number sequences, with a negligible probability of a repeated sequence. Furthermore, with repeated access to the channel filter coefficients, the data storage device may obtain as much entropy as necessary for encryption purposes. Accordingly, generating secure random sequences in this manner precludes the need for secure, protected storage for keys or for the internal state of the generator between random number generating sessions, for example, over power cycles.
FIG. 1 is a plan view of storage device 10, which is an exemplary data storage device (e.g., a hard disk drive) for storing and transferring data with a host device (not shown). As shown, the components of storage device 10 are retained between base 12 and top cover 14 (shown in partial cut-away), which mate to form a partially or fully sealed housing. Storage device 10 also includes storage disk 16 and spindle motor 18, where spindle motor 18 rotates storage disk 16 in a rotational direction during operation. Storage disk 16 includes recordable surface 20, which is a surface of storage disk 16 having one or more recordable regions.
Storage device 10 further includes actuation motor 22 (e.g., a voice coil motor), actuator arm 24, suspension assembly 26, and slider 28, where slider 28 carries a transducing head (not shown in FIG. 1). Slider 28 is supported by suspension assembly 26, which in turn is supported by actuator arm 24. Actuation motor 22 is configured to pivot actuator arm 24 about an axis in order to sweep suspension assembly 26 and slider 28 in an arc across recordable surface 20 (represented by arrow 30), where slider 28 desirably floats above recordable surface 20 on a cushion of air. An additional microactuation system (not shown) may also be used to produce precise, small-scale movements of suspension assembly 26 and slider 28. As slider 28 moves across recordable surface 20, the transducing head carried by slider 28 may be positioned relative to selected data tracks located on recordable surface 20. This allows the transducing head to write data to, and read from, the data tracks on recordable surface 20 during operation. Accordingly, during a read operation, the transducing head generates a read signal based on the magnetic pattern stored in recordable surface 20. This read signal is processed by a data receiver (not shown in FIG. 1) to identify data represented by the magnetic pattern.
During operation, actuator arm 24 may be prone to mechanical vibrations, which are affected by air turbulence. Vibration in the vertical direction may influence the amplitude of the read signal, while radial vibration may affect the noise pattern from the granular structure of the magnetic particles and crosstalk from neighboring tracks. In order to keep the transducing head of slider 28 on track, servo patterns may be written to recordable surface 20. These servo patterns may be organized in radial spokes which are typically traversed by the transducing head about 200 times per revolution.
After the transducing head crosses these servo patterns, a controller (not shown in FIG. 1) evaluates the read signal and corrects the radial position accordingly. It also tunes an adaptive channel equalization filter for optimum signal shape. This may be accomplished with hard coded algorithms in the integrated circuits, or with drive firmware stored on a computer storage medium of storage device 10 (e.g., in read-only memory), which can access the channel filter coefficients, for example via a data bus or a diagnostic interface between the main control application-specific integrated circuit (ASIC) and the channel signal processor.
The tracking correction is based on the current radial position, velocity and acceleration of the transducing head. As discussed below, the channel filter coefficients represent resistor values of an analog equalization filter, continuously tuned by the controller of the read/write channel chip to make the peaks of the output signal close to equally high. These values are affected by the turbulent airflow and mechanical vibrations, as well as by the head noise, the electronic noise, the motor speed variations, the flight height of the transducing head, the actual path of the transducing head over the track, the tracking error corrections, and the like. Thus, the channel filter coefficient values are constantly updated as the transducing head reads the servo patterns on recordable surface 20 to maintain correct positioning over the track. These updated values provide unpredictable physical entropy sources that may be used to seed cryptographic random number generators, as well as faster but less unpredictable pseudorandom number generators.
FIG. 2 is a block diagram of data receiver 32, which is an example of a suitable data receiver for use in storage device 10 (shown in FIG. 1). As shown in FIG. 2, data receiver 32 receives a read signal from the transducing head of slider 28 on communication line 34. Data receiver 32 may also include one or more preamplifiers (not shown) to amplify the read signal, and/or one or more signal filters (not shown) to remove noise from the read signal, and/or one or more analog-to-digital converters (not shown) to digitize the read signal. Communication line 34 is connected to equalization filter 36, which is configured to modify the read signal based on the channel filter coefficients stored in registers 38. Examples of suitable filters for equalization filter 36 include digital and analog equalization filters, such as finite impulse response filters.
In the shown embodiment, registers 38 include 12 separate registers 38 a-38 l, each of which stores a channel filter coefficient (e.g., 8-bit registers). In alternative embodiments, registers 38 may include different numbers of registers based on the particular designs of storage device 10. The channel filter coefficients stored in registers 38 a-38 l are used by data receiver 32 to modify the read signals to achieve an increased quality of the received read channel signal.
The equalized read signal that is output from equalization filter 36 is relayed over communication line 40 to detector 42. Detector 42 is a signal detector (e.g., a Viterbi detector), which receives and evaluates the equalized read signals from equalization filter 36. This allows detector 42 to identify whether equalization filter 36 is properly modifying the read signals. The equalized read signals are then output from detector 42 along communication line 44, where they may undergo post processing (e.g., parity error checking) to produce channel output signals.
As discussed above, the read signals relayed to equalization filter 36 have signal characteristics that vary due to factors such as turbulent airflow, mechanical vibrations, head noise, electronic noise, motor speed variations, flight height of the transducing head, the actual path of the transducing head over the track, the tracking error corrections, and the like. As such, equalization filter 36 frequently updates the channel filter coefficients stored in registers 38 a-38 l to achieve an increased quality of the received read channel signal. This may be performed with feedback lines 46 and 48, which connect registers 38, detector 42, and controller 50, thereby providing a process control loop that may be managed by controller 50.
As successive equalized read signals are relayed from equalization filter 36 to detector 42 over communication line 42, detector 42 evaluates the equalized read signals. If the signal quality is not optimal, detector 42 relays one or more correction signals to registers 38 over feedback lines 46 and 48. The channel filter coefficients stored in registers 38 a-38 l may then be updated to keep the signal characteristics of the equalized read signals the most desirable. As discussed above, because storage device 10 continuously reads the servo patterns on recordable surface 20 to keep the transducing head correctly positioned over the track, the channel filter coefficients stored in registers 38 a-38 l are constantly updated.
The channel filter coefficients are typically updated to remain around a set of values that represent the most likely values needed to properly modify the read signal. Thus, each channel filter coefficient typically attains only a few distinct values. Furthermore, one or more of the channel filter coefficients may be fixed as an asymmetry compensation tap, which is set for the transducing head and each zone on recordable surface 20 during the manufacture of storage device 10. In these cases, the fixed coefficients do not provide physical entropy and may be disregarded.
When a random number is requested (e.g., for seeding or reseeding a random number generator), a seek and read operation may be performed by the transducing head. The seek operation desirably results in a significant movement of actuator arm 24, and the read operation desirably reads at least a full track of data. This results in substantial changes in the channel filter coefficients, thereby reducing any potential correlations between consecutive acquired values of the same coefficients.
Based on firmware stored in memory module 52, controller 50 may retrieve the channel filter coefficients from registers 38 over communication line 54 for use in seeding a random number generator. In function, the random number generator may be an algorithm stored on a computer storage medium (e.g., memory module 52) and implemented by controller 50 to generate random numbers based on the channel filter coefficients. The resulting generated random numbers may be transmitted from controller 50 on output line 56 for a desired use.
As discussed above, each channel filter coefficient typically attains only a few distinct values, and a substantial portion of the variability in the given channel filter coefficient is preserved in the least significant bits. In an 8-bit register (e.g., registers 38 a-38 l), the least significant bits may include bits [1,2], [1,2,3], and/or [1,2,3,4]. The entropy obtained from the channel filter coefficients is desirably based on the actual values of the channel filter coefficients rather than being based on comparison to preset median values. While a comparison to a preset median value (e.g., greater or less than the preset median value) provides a suitable means for generating random numbers, most of the available physical entropy in the channel filter coefficients (i.e., the least significant several bits) is discarded by only retaining the results of the comparisons. Furthermore, any preset median values are also subject to drift due to environmental changes, thereby potentially inducing bias and thus further entropy loss in the output sequence.
The random number is desirably generated based at least in part on the two least-significant bits (i.e., bits [1,2]) of at least one of the channel filter coefficients, more desirably on the four least-significant bits (i.e., bits [1,2,3,4]), and even more desirably on the full number of bits (e.g., 8 bits). In the exemplary implementation, the full 8 bits of each channel filter coefficient generally include about three bits of Shannon Entropy H, which is represented by Equation 1:
$H = -\sum_{i} p_i(y_i) \log_2 p_i(y_i)$  (Equation 1)
where $p_i(y_i)$ is the probability mass function of $y_i$ and where $y_i$ is a discrete random variable with possible distinct values $y_1 \ldots y_n$. In one example implementation, the exceptions to this generalization include coefficient 1 (about 1.5 bits), coefficient 2 (about 3.5 bits), coefficient 4 (about 2.4 bits), and coefficient 11 (zero bits, fixed as an asymmetry compensation tap). If all of the channel filter coefficients were fully independent, the overall entropy of the 12 channel filter coefficient bytes would be about 32 bits, as shown below in Table 1.
TABLE 1

Channel Filter    Entropy (bits)
1                 1.491
2                 3.536
3                 3.266
4                 2.378
5                 3.082
6                 3.104
7                 3.018
8                 2.765
9                 2.967
10                3.268
11                0.000
12                3.144
Total             32.019

However, statistical tests show that the actual amount of Shannon entropy attainable in an exemplary 12-register system is less than 32 bits (e.g., from about 16 bits to about 24 bits) because of correlations between the channel filter coefficients.
FIG. 3 is a graphical illustration of channel filter coefficients 1-12 (x-axis) versus the values of the coefficients for 10 sample coefficient sets (y-axis), which illustrates correlations that may occur between the separate channel filter coefficients. The data points belonging to a particular coefficient set are connected by straight line segments. As shown in FIG. 3, several segments between the coefficient values (e.g., between coefficients 4 and 5) are substantially parallel, which illustrates a positive correlation. Thus, if coefficient 4 increases, coefficient 5 will also increase, and the combined entropy of coefficients 4 and 5 is not much greater than the entropy of coefficient 4 alone. Furthermore, some segments (e.g., between coefficients 7 and 8) cross each other at substantially the same half-way point, which illustrates a negative correlation. Thus, if coefficient 7 increases, coefficient 8 decreases by substantially the same amount, and the combined entropy of coefficients 7 and 8 is not much greater than the entropy of coefficient 7 alone. Accordingly, due to correlations that may occur between the separate channel filter coefficients, the available entropy is typically less than the estimates of the coefficient samples provided in isolation.
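The two entropy arguments above (least-significant bits versus median comparison, and correlated coefficients adding little joint entropy) can be checked numerically. The following Python sketch is an added example, not part of the patent; the coefficient values are constructed to mimic the FIG. 3 correlations and are not measurements from a drive.

```python
from collections import Counter
from itertools import product
from math import log2


def shannon_entropy(samples):
    """Equation 1 evaluated on empirical frequencies of hashable samples."""
    counts = Counter(samples)
    n = sum(counts.values())
    return -sum((c / n) * log2(c / n) for c in counts.values())


def build_constructed_samples():
    """Constructed (not measured) coefficient sets.

    c5 tracks c4 up to one step of jitter (positive correlation) and
    c8 mirrors c7 (negative correlation), as described for FIG. 3.
    """
    rows = []
    for c4, jitter, c7 in product(range(100, 108), (0, 1), range(60, 68)):
        rows.append({"c4": c4, "c5": c4 + 20 + jitter, "c7": c7, "c8": 140 - c7})
    return rows


def column(rows, *names):
    """Project each sample onto the named coefficients (as a tuple)."""
    return [tuple(r[n] for n in names) for r in rows]


def extraction_yield(values, median):
    """Entropy kept by each way of turning one coefficient into seed bits."""
    return {
        "median_compare": shannon_entropy([v > median for v in values]),
        "lsb2": shannon_entropy([v & 0x3 for v in values]),
        "lsb4": shannon_entropy([v & 0xF for v in values]),
        "full": shannon_entropy(values),
    }


def report():
    rows = build_constructed_samples()
    names = ("c4", "c5", "c7", "c8")
    marginal = {n: shannon_entropy(column(rows, n)) for n in names}
    return {
        "marginal": marginal,
        # What a Table 1 style total would claim if coefficients were independent.
        "sum_of_marginals": sum(marginal.values()),
        "joint_c4_c5": shannon_entropy(column(rows, "c4", "c5")),
        "joint_c7_c8": shannon_entropy(column(rows, "c7", "c8")),
        # What the four coefficients actually provide together.
        "joint_all": shannon_entropy(column(rows, *names)),
        "c4_yield": extraction_yield([r["c4"] for r in rows], median=103.5),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

On this constructed data the per-coefficient total overstates the joint entropy, and a median comparison keeps one bit of a coefficient whose four least-significant bits carry three.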
For any practical implementation of a random number generator, the available physical entropy has to be estimated. This entropy estimation process may be performed by initially retrieving and hashing the bits of each channel filter coefficient dataset (e.g., 12×8=96 bits) to obtain a k bit output. Then, this number k may be decreased from the estimated Shannon Entropy that is attainable from the channel filter coefficient dataset (e.g., 32 bits, as shown in Table 1) until the concatenated output blocks pass all commonly-used randomness tests. The hashing operations desirably modify the statistical distributions of the signals to increase the level of randomness at the expense of reducing the number of output bits (i.e., the throughput or yield). Examples of suitable hashing operations include XOR trees, linear feedback shift registers, arithmetic hash functions, Secure Hash Algorithm (SHA) functions, Advanced Encryption Standard (AES) functions with discarding a few output bits, Data Encryption Standard (DES) functions also with discarding output bits, and combinations thereof.
The commonly-used randomness tests are typically sensitive to non-uniform distribution of k-bit blocks, but many other non-random properties are typically checked as well. Thus, when the tests pass with a particular choice of k, it is believed that each possible k-bit block in the sequence of the hashed coefficient sets occurs roughly the same number of times. In other words, each hashed filter coefficient set appears independently, at about the same frequency. Consequently, no filter coefficient set occurs with a probability that is substantially greater than $2^{-k}$, and the min-entropy of one coefficient set is about k. When n such independent blocks are used to seed the random number generator, an attacker has a search space of at least $2^{k \cdot n}$ elements when trying different seeds in a copy of the random number generator to guess the seed, which may be employed in the random number generator of the storage device 10 (e.g. n=k=16 gives about $2^{256}$ seeds to try).
FIG. 4 is a flow diagram of method 58 for generating m random numbers based at least in part on the physical entropy attainable with channel filter coefficients of storage device 10. The following discussion of method 58 is made with reference to a cryptographic random number generator specified in the Federal Information Processing Standards (FIPS) Publication 186-2 with the SHA-1 hash function and a 192-bit internal state to provide random number outputs $x_j$, each having a 160-bit size. However, storage device 10 and method 58 are also suitable for use with a variety of different random number generation and hashing algorithms (e.g., FIPS-186-2 and SHA-256).
Prior to performing method 58, variables of the random number generator are desirably preset. For example, FIPS-186-2 requires initialization of variables such as an internal state seed key (referred to as XKEY) and t, where $t=[H_0 \| H_1 \| H_2 \| H_3 \| H_4]$ and is initialized to t=67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0 under the SHA-1 hash function. The initial entropy of XKEY is zero at boot up of storage device 10. However, XKEY may alternatively be initially set as a secret value ranging between zero and $2^{192}-1$ (inclusive). Additionally, a counter for the number of seeding iterations j may also be set to zero (i.e., j=0).
After the variables are preset, method 58 may be performed. As shown, method 58 includes steps 60-80, and initially involves generating seed values from sources of physical entropy. This may involve retrieving one or more channel filter coefficients (e.g., with controller 50), as discussed above (step 60). Based on the above-discussed entropy estimation process, one channel filter coefficient dataset typically provides at least about 16 bits of entropy. Therefore, a sampling of eight datasets is suitable for providing 128 bits of physical entropy, desirable for generating 128-bit cryptographic keys. The retrieval of eight data sets may be performed in about 80 milliseconds, thereby allowing up to about twelve reseedings to be performed each second. In addition to the channel filter coefficients, controller 50 may also retrieve physical entropy from other sources in storage device 10, such as by sampling a free running counter of storage device 10. This improves security against hardware-based attacks that attempt to influence the channel filter coefficients.
The seed values for the random number generator (referred to as $\mathrm{XSEED}_j$) may then be generated from the retrieved channel filter coefficients (and from any additional physical entropy sources). In the current example, the four least-significant bits of 11 channel filter coefficients, per each of eight datasets, together with counter sampling, may provide about 384 raw seed bits. Because the random number generator in this example is limited to a 192-bit internal state, the 384 raw seed bits may be divided into two 192-bit $\mathrm{XSEED}_j$ values for use in two separate iterations of the algorithm.
An updated XKEY (referred to as a seed-key) may then be generated from the initialized variables (e.g., XKEY, t, and j) and the $\mathrm{XSEED}_j$ value (step 62). Under the FIPS-186-2 algorithm, the updated XKEY may be generated by the following algorithm:
$\mathrm{XVAL} = (\mathrm{XKEY} + \mathrm{XSEED}_j) \bmod 2^{192}$
$x_j = \mathrm{SHA1}(t, \mathrm{XVAL})$
$\mathrm{XKEY} = (1 + \mathrm{XKEY} + x_j) \bmod 2^{192}$
As shown, the algorithm generates XVAL based on XKEY and $\mathrm{XSEED}_j$, generates the random number $x_j$ based on the SHA-1 hashing function of t and XVAL, and updates XKEY based on the previous value of XKEY and the random number $x_j$. It is noted that at this point in the algorithm, the random number $x_j$ is desirably not output. As discussed below, the algorithm under method 58 desirably accumulates a suitable amount of physical entropy prior to outputting the random numbers $x_j$, while keeping XKEY continuously updated.
After step 62 of method 58, regardless of the entropy of $\mathrm{XSEED}_j$, the entropy in XKEY cannot increase to more than 160 bits (i.e., the length of the added $x_j$), which is stored in the least-significant 160 bits of XKEY. Under a standard operation, during the next iterations only these least-significant 160 bits would be directly further modified; the most significant bits are only affected by the carry bit from manipulating the least significant bits. As a result, the accumulated entropy stored in XKEY would only increase slowly beyond 160 bits. However, as discussed below, steps 66 and 68 of method 58 are intended to compensate for this limitation.
In step 64 of method 58, controller 50 determines whether the current iteration is equal to a preset iteration value R, which is desirably preset to allow a suitable number of iterations under steps 60-64 to pass to accumulate physical entropy. Examples of suitable values for R range from two to about two less than the total number of entropy-accumulation iterations. In the current example, during the first iteration j=0. As such, j≠R and steps 60-66 may be repeated until j=R. This allows a suitable amount of physical entropy to be accumulated. Once j=R, then the values in the least-significant (LS) 160 bits of XKEY may be shifted up to fill the most-significant or more-significant (MS) bits of XKEY (step 66). This allows subsequent iterations to only affect the least-significant 160 bits of XKEY and keeps the initial entropy stored in the most/more-significant bits of XKEY intact.
Accordingly, the seeding process may be performed in two phases. The first phase (steps 60-64) starts with XKEY=0, and may use a portion of the total number of seeding iterations to accumulate the physical entropy from the channel filter coefficients. During this phase, the generated random numbers $x_j$ are discarded and only XKEY is kept updated. In the beginning of the second phase (i.e., step 66), the least-significant 160 bits of the current XKEY may be shifted to the most/more-significant bits of XKEY. The remaining iterations (steps 68-72) may then be used to accumulate the rest of the physical entropy for updating the least-significant 160 bits of the current XKEY. Accordingly, steps 68 and 70 may be performed in the same manner as discussed above for steps 60 and 62 for increasing the entropy in the least-significant 160 bits of XKEY.
When the entropy accumulation is completed (e.g., based on a preset number of iterations) (step 72), an updated XKEY may then be generated from the entropy-accumulated values, and $x_j$ may be outputted as needed (step 74). Under the FIPS-186-2 algorithm, XKEY may again be updated by the following algorithm:
$x_j = \mathrm{SHA1}(t, \mathrm{XVAL})$
$\mathrm{XKEY} = (1 + \mathrm{XKEY} + x_j) \bmod 2^{192}$
The outputted $x_j$ contains a high level of entropy due to the accumulated physical entropy attained with the algorithm of method 58. Generating secure random numbers in this manner precludes the need for secure, protected storage for keys or for the internal state of the generator.
At this point, the internal state may also be updated. Controller 50 may then determine whether the current iteration is the last iteration (i.e., whether n=m−1) (step 76). If not, then steps 74 and 76 may be repeated to continue to hash and output additional $x_j$ values and update XKEY until the last iteration is reached. At this point, the initialization of the random number generation process may be terminated (step 78). This above-discussed process of method 58 uses multiple, successive samplings of the channel filter coefficient datasets for initialization of the cryptographic pseudorandom number generator. Later, multiple random numbers may be generated to be used for a variety of purposes (e.g., cryptographic purposes) and/or may be combined through one or more additional hashing operations for subsequent use.
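The two-phase seeding of method 58 can be followed end to end in the Python sketch below, which is an added example and not code from the patent or from any drive firmware. Assumptions: one 32-bit counter sample per batch supplies the bits beyond the 352 coefficient bits, step 66 is read as a left shift by 32 bits within the 192-bit XKEY, the output step uses XVAL = XKEY, and the coefficient bytes are constructed rather than read from registers.

```python
import struct

MASK32 = 0xFFFFFFFF
B = 192                    # XKEY width in bits (the page's example state size)
MOD = 1 << B
FIXED_TAP = 10             # 0-based index of coefficient 11, the fixed asymmetry tap
SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)  # t


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_compress(state, block):
    """One SHA-1 compression of a 64-byte block, starting from `state`."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        temp = (rotl(a, 5) + f + e + k + w[i]) & MASK32
        a, b, c, d, e = temp, a, rotl(b, 30), c, d
    return tuple((s + v) & MASK32 for s, v in zip(state, (a, b, c, d, e)))


def G(t, c):
    """FIPS 186-2 G(t, c): c zero-padded on the right to 512 bits, one compression."""
    block = c.to_bytes(B // 8, "big").ljust(64, b"\x00")
    return int.from_bytes(struct.pack(">5I", *sha1_compress(t, block)), "big")


def raw_seed_bits(datasets, counter):
    """4 LSBs of 11 coefficients x 8 datasets (352 bits) + 32-bit counter = 384 bits."""
    acc = 0
    for dataset in datasets:
        for index, coeff in enumerate(dataset):
            if index != FIXED_TAP:          # the fixed tap carries no entropy
                acc = (acc << 4) | (coeff & 0xF)
    return (acc << 32) | (counter & MASK32)


def split_xseeds(raw):
    """Divide 384 raw seed bits into two 192-bit XSEED values."""
    return [raw >> B, raw & (MOD - 1)]


class SeededState:
    def __init__(self):
        self.xkey = 0      # zero entropy at boot
        self.j = 0         # seeding iteration counter

    def absorb(self, xseed):
        """Steps 62 and 70: update XKEY; x_j is computed but never output."""
        xval = (self.xkey + xseed) % MOD
        x = G(SHA1_IV, xval)
        self.xkey = (1 + self.xkey + x) % MOD
        self.j += 1

    def shift_up(self):
        """Step 66 (assumed reading): move the low 160 bits to the top of XKEY."""
        self.xkey = (self.xkey << (B - 160)) % MOD

    def output(self):
        """Step 74 (assumed XVAL = XKEY): emit a 160-bit x_j and advance XKEY."""
        x = G(SHA1_IV, self.xkey)
        self.xkey = (1 + self.xkey + x) % MOD
        return x


def constructed_batch(b):
    """Constructed stand-in for 8 register reads of 12 coefficient bytes each."""
    return [[0x40 + (7 * d + 3 * i * i + 5 * b) % 13 for i in range(12)]
            for d in range(8)]


def seed_generator(batches, counters, R):
    """Phase 1 until j == R, shift, then phase 2 over the remaining XSEEDs."""
    rng = SeededState()
    for batch, counter in zip(batches, counters):
        for xseed in split_xseeds(raw_seed_bits(batch, counter)):
            rng.absorb(xseed)
            if rng.j == R:
                rng.shift_up()
    return rng


if __name__ == "__main__":
    rng = seed_generator([constructed_batch(0), constructed_batch(1)], [1, 2], R=2)
    print(format(rng.output(), "040x"))
```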
In an alternative embodiment, when accumulating more than 320 bits of internal entropy (i.e., when XKEY is chosen longer than 40 bytes), step 66 may be expanded to additional bit locations in XKEY. This allows subsequent iterations to only affect the least-significant 160 bits of XKEY, and keeps the entropies stored in the successive-significant bits of XKEY intact. The SHA-1 hash function limits the number of usable bits to 512 bits. However, in alternative embodiments, the SHA-1 hash function may be replaced by hash functions operating on larger (or on multiple) blocks.
It is noted that the format and content of the seeding data is not specified in the FIPS-186-2 publication. As such, in one embodiment of method 58, each channel filter coefficient may undergo one or more pre-processing operations prior to generating the XSEED in steps 60 and 68. For example, each channel filter coefficient dataset may be compressed (e.g., to 40 bits), while desirably retaining at least the four least-significant bits of each coefficient to preserve the physical entropy. Several of these compressed blocks may then be concatenated and used in steps 62 and 70 of method 58, thereby speeding up the seeding process by trading the slower SHA-1 hash function calls with faster data compression steps.
Although the present disclosure has been described with reference to preferred embodiments, workers skilled in the art will recognize that changes may be made in form and detail without departing from the spirit and scope of the disclosure.

Claims (18)

The invention claimed is:
1. A device comprising:
a plurality of registers configured to store channel filter coefficients, each of the channel filter coefficients including a plurality of bits;
a controller configured to:
retrieve at least one of the channel filter coefficients from the plurality of registers;
generate at least one seed value based at least in part on the retrieved at least one channel filter coefficients;
perform a hashing algorithm on the at least one seed value; and
generate a random number based at least in part on the at least one hashed seed value.
2. The device of claim 1, further comprising the controller configured to generate the random number based at least in part on the two least-significant bits of the at least one retrieved channel filter coefficients.
3. The device of claim 2, further comprising the controller configured to generate the random number based at least in part on each bit of the at least one retrieved channel filter coefficients.
4. The device of claim 1, wherein the at least one retrieved channel filter coefficient provides at least about 1.5 bits of Shannon Entropy to the generated random number.
5. The device of claim 4, wherein the at least one retrieved channel filter coefficient provides at least about 3.0 bits of Shannon Entropy to the generated random number.
6. The device of claim 1, wherein the at least one retrieved channel filter coefficient comprises each of the channel filter coefficients.
7. A device comprising:
a controller configured to retrieve channel filter coefficients from a plurality of registers of a data receiver, each of the retrieved channel filter coefficients comprising a plurality of bits; and
a random number generator configured to generate a random number seeded at least in part by a number of least-significant bits less than the plurality of bits of the retrieved channel filter coefficients.
8. The device of claim 7, further comprising the random number generator is configured to generate the random number seeded at least in part by the two least-significant bits of the retrieved channel filter coefficients.
9. The device of claim 7, further comprising the random number generator is configured to generate the random number seeded at least in part by the four least-significant bits of the retrieved channel filter coefficients.
10. The device of claim 7, comprising the controller further configured to:
perform a seek and read operation in response to a request for a random number.
11. The device of claim 10, further comprising:
a data storage medium;
the plurality of registers;
a transducing head to perform the read and seek operation on the data storage medium and produce a read signal;
an equalization filter configured to:
receive the read signal from the transducing head;
modify the read signal based on the channel filter coefficients to produce an equalized read signal;
a signal detector to receive the equalized read signal and output a correction signal when the equalized read signal is below a specified quality level;
the controller further configured to:
direct the equalization filter to update the channel filter coefficients based on the correction signal; and
retrieve the channel filter coefficients and generate the random number seeded at least in part by a number of least-significant bits less than the plurality of bits of the retrieved channel filter coefficients.
12. The device of claim 7, further comprising the random number generator configured to accumulate entropy from at least a portion of the retrieved channel filter coefficients prior to generating the random number.
13. The device of claim 7, further comprising the random number generator configured to perform a hashing operation on the retrieved channel filter coefficients.
14. A method comprising:
retrieving channel filter coefficients from a plurality of registers, each of the channel filter coefficients comprising a plurality of bits;
generating at least one seed value based at least in part on the retrieved channel filter coefficients;
performing a hashing algorithm on the at least one seed value; and
generating a random number based at least in part on the at least one hashed seed value.
15. The method of claim 14, wherein the seed value is generated based at least in part on a number of least-significant bits less than all of the bits of the retrieved channel filter coefficients.
16. The method of claim 14, and further comprising updating the channel filter coefficients in the plurality of registers in response to a request for a random number, and retrieving the channel filter coefficients from the plurality of registers comprises retrieving the channel filter coefficients after the update.
17. The method of claim 14, wherein retrieving the channel filter coefficients, generating at least one seed value, and performing the hashing algorithm are performed over a plurality of iterations prior to outputting the random number, wherein the random number is based at least in part on the at least one hashed seed value from each of the iterations.
18. The method of claim 17, and further comprising comparing a current iteration number to a preset iteration value that dictates when to output the random number.
Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/629,256 US8635260B2 (en) 2009-12-02 2009-12-02 Random number generator incorporating channel filter coefficients

Publications (2)

Publication Number Publication Date
US20110131264A1 US20110131264A1 (en) 2011-06-02
US8635260B2 true US8635260B2 (en) 2014-01-21

Family

ID=44069650

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10338890B1 (en) 2015-01-07 2019-07-02 Seagate Technology Llc Random values from data errors
US10372528B1 (en) 2014-12-15 2019-08-06 Seagate Technology Llc Random values from data errors

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8510642B2 (en) * 2009-09-25 2013-08-13 Stmicroelectronics, Inc. System and method for map detector for symbol based error correction codes
CN103095662B (en) * 2011-11-04 2016-08-03 阿里巴巴集团控股有限公司 A kind of online transaction safety certifying method and online transaction security certification system
US8788551B2 (en) 2011-11-15 2014-07-22 Seagate Technology Llc Random number generation using switching regulators
US9201630B2 (en) 2012-02-10 2015-12-01 Seagate Technology Llc Random number generation using startup variances
US20150304107A1 (en) 2014-04-17 2015-10-22 International Business Machines Corporation Extracting Entropy from Machine Vibration
US9329836B2 (en) 2014-04-17 2016-05-03 International Business Machines Corporation Extracting entropy from the vibration of multiple machines
US9645948B2 (en) * 2015-01-16 2017-05-09 Hamilton Sundstrand Corporation Access key generation for computer-readable memory
DE102016119750B4 (en) * 2015-10-26 2022-01-13 Infineon Technologies Ag Devices and methods for multi-channel scanning
US10790850B1 (en) * 2019-06-28 2020-09-29 Nxp B.V. Signal amplitude aware dithering method for enhancing small signal linearity in an analog-to-digital converter
US20220207209A1 (en) * 2020-12-30 2022-06-30 Beijing Voyager Technology Co., Ltd. Deterministic sampling of autonomous vehicle simulation variables at runtime

Patent Citations (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4122405A (en) 1977-10-21 1978-10-24 National Semiconductor Corporation Digital logic level signal indication of phase and frequency lock condition in a phase-locked loop
US4270430A (en) * 1979-11-19 1981-06-02 Kawai Musical Instrument Mfg. Co., Ltd. Noise generator for a polyphonic tone synthesizer
US4641102A (en) 1984-08-17 1987-02-03 At&T Bell Laboratories Random number generator
US4791594A (en) * 1986-03-28 1988-12-13 Technology Inc. 64 Random-access psuedo random number generator
US4799259A (en) 1986-04-10 1989-01-17 Rockwell International Corporation Monolithic random digital noise generator
US5471176A (en) 1994-06-07 1995-11-28 Quantum Corporation Glitchless frequency-adjustable ring oscillator
US5541996A (en) * 1994-12-12 1996-07-30 Itt Corporation Apparatus and method for a pseudo-random number generator for high precision numbers
US5732138A (en) * 1996-01-29 1998-03-24 Silicon Graphics, Inc. Method for seeding a pseudo-random number generator with a cryptographic hash of a digitization of a chaotic system
US20030158876A1 (en) 2002-02-21 2003-08-21 Koninklijke Philips Electronics N.V. On-line randomness test through overlapping word counts
US20030158875A1 (en) 2002-02-21 2003-08-21 Koninklijke Philips Electronics N.V. Randomness test utilizing auto-correlation
US20030156713A1 (en) 2002-02-21 2003-08-21 Koninklijke Philips Electronics N.V. On-line randomness test for detecting irregular pattern
US6947960B2 (en) 2002-02-21 2005-09-20 Koninklijke Philips Electronics N.V. Randomness test utilizing auto-correlation
US20030172096A1 (en) * 2002-03-08 2003-09-11 Xie Wenxiang Mdethod and apparatus for generating random numbers based on filter coefficients of an adaptive filter
US6931425B2 (en) 2002-03-08 2005-08-16 Seagate Technology Llc Method and apparatus for generating random numbers based on filter coefficients of an adaptive filter
US6675113B2 (en) 2002-03-26 2004-01-06 Koninklijke Philips Electronics N.V. Monobit-run frequency on-line randomness test
US20030187890A1 (en) 2002-03-26 2003-10-02 Koninklijke Philips Electronics N.V. Gap average on-line randomness test
US20030200238A1 (en) 2002-04-17 2003-10-23 Koninklijke Philips Electronics N.V. Hadamard-transform on-line randomness test
US7031991B2 (en) 2002-04-17 2006-04-18 Koninklijke Philips Electronics N.V. Hadamard-transform on-line randomness test
US6993543B2 (en) 2002-04-22 2006-01-31 Koninklijke Philips Electronics N.V. Gap histogram on-line randomness test
US7124155B2 (en) 2002-07-25 2006-10-17 Koninklijke Philips Electronics N.V. Latching electronic circuit for random number generation
US7047262B2 (en) 2002-08-21 2006-05-16 Koninklijke Philips Electronics N.V. Entropy estimation and decimation for improving the randomness of true random number generation
US7149764B2 (en) 2002-11-21 2006-12-12 Ip-First, Llc Random number generator bit string filter
US20080313249A1 (en) 2003-06-24 2008-12-18 Renesas Technology Corp. Random number generator with ring oscillation circuit
US20070273408A1 (en) 2004-08-09 2007-11-29 Jovan Golic Random Number Generation Based on Logic Circuits with Feedback
US20060067527A1 (en) * 2004-09-27 2006-03-30 Urivskiy Alexey V Method for making seed value used in pseudo random number generator and device thereof
US20090132624A1 (en) 2004-10-15 2009-05-21 Koninklijke Philips Electronics N.V. Integrated circuit with a true random number generator
US20090077146A1 (en) 2007-09-18 2009-03-19 Seagate Technology Llc On-Line Randomness Test For Restart Random Number Generators
US20090077147A1 (en) 2007-09-18 2009-03-19 Seagate Technology Llc Multi-Bit Sampling Of Oscillator Jitter For Random Number Generation
US20090106339A1 (en) 2007-10-19 2009-04-23 Samsung Electronics Co., Ltd. Random number generator
US20090110188A1 (en) 2007-10-30 2009-04-30 Sandisk Il Ltd. Configurable random number generator

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"Cryptographically Secure Pseudorandom Number Generator", Wikipedia, 2009, <http://en.wikipedia.org/wiki/Cryptographically-secure-pseudorandom-number-generator>.
Rick Walker: "A Monolithic High-Speed Voltage Controlled Ring Oscillator", Instrument Technology Department, HP Labs, Palo Alto, CA.

Legal Events

Date Code Title Description
AS Assignment

Owner name: SEAGATE TECHNOLOGY LLC, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HARS, LASZLO;REEL/FRAME:023593/0560

Effective date: 20091130

AS Assignment

Owner name: THE BANK OF NOVA SCOTIA, AS ADMINISTRATIVE AGENT, CANADA

Free format text: SECURITY AGREEMENT;ASSIGNOR:SEAGATE TECHNOLOGY LLC;REEL/FRAME:026010/0350

Effective date: 20110118

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

SULP Surcharge for late payment
FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20220121